GrzegorzZ, posted July 28, 2013 (edited)

Hello,

I just looked into my development server logs and saw [All IPs belong to PrestaShop whole 91.240.109.x block]:

Where from did you get links to my private projects (these are only meant for specific people to see)? They are not meant to be public, yet you take those private links out and scan it?

+ Why are you taking out my private data?

    $return = @file_get_contents('http://api.prestashop.com/partner/premium/set_request.php?iso_country='.strtoupper($isoCountry)
        .'&iso_lang='.strtolower($isoUser)
        .'&host='.urlencode($_SERVER['HTTP_HOST'])
        .'&ps_version='._PS_VERSION_
        .'&ps_creation='._PS_CREATION_DATE_
        .'&partner='.htmlentities(Tools::getValue('module'))
        .'&shop='.urlencode(Configuration::get('PS_SHOP_NAME'))
        .'&email='.urlencode($email)
        .'&firstname='.urlencode($firstname)
        .'&lastname='.urlencode($lastname)
        .'&type=home');

Which sends you my first and last name and my e-mail. Additionally my shop name etc.

Edited July 28, 2013 by GacekSSJ4

vekia, posted July 29, 2013

During installation, did you select the option to share your data?

GrzegorzZ (author), posted July 29, 2013 (edited)

Nope.

First of all, the install script, without any conditional statement to check whether I checked any box, submits my e-mail to the newsletter.

\install\controllers\console\process.php @ line 116

    $params = http_build_query(array(
        'email' => $this->datas->admin_email,
        'method' => 'addMemberToNewsletter',
        'language' => $this->datas->lang,
        'visitorType' => 1,
        'source' => 'installer'
    ));
    Tools::file_get_contents('http://www.prestashop.com/ajax/controller.php?'.$params);

e-mail

2nd place would be: \controllers\admin\AdminHomeController.php

@line 529 @getBlockPartners method

    $content = Tools::file_get_contents('http://api.prestashop.com/partner/premium/get_partners.php?protocol='.$protocol
        .'&iso_country='.Tools::strtoupper($isoCountry)
        .'&iso_lang='.Tools::strtolower($isoUser)
        .'&ps_version='._PS_VERSION_
        .'&ps_creation='._PS_CREATION_DATE_
        .'&host='.urlencode($_SERVER['HTTP_HOST'])
        .'&email='.urlencode(Configuration::get('PS_SHOP_EMAIL')), false, $stream_context);

shop e-mail and all other data

@line 623 @ajaxProcessSavePreactivationRequest method

    $return = @Tools::file_get_contents('http://api.prestashop.com/partner/premium/set_request.php?iso_country='.strtoupper($isoCountry)
        .'&iso_lang='.strtolower($isoUser)
        .'&host='.urlencode($_SERVER['HTTP_HOST'])
        .'&ps_version='._PS_VERSION_
        .'&ps_creation='._PS_CREATION_DATE_
        .'&partner='.htmlentities(Tools::getValue('module'))
        .'&shop='.urlencode(Configuration::get('PS_SHOP_NAME'))
        .'&email='.urlencode($email)
        .'&firstname='.urlencode($firstname)
        .'&lastname='.urlencode($lastname)
        .'&type=home');

Firstname, lastname, email + more of the currently logged-in employee. That means any employee is submitted.

Edited July 29, 2013 by GacekSSJ4

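An added example, not part of the post above and not PrestaShop code: a small Python audit that reads the two AdminHomeController.php calls quoted in the post, extracts the query-parameter names each one sends, and reports which carry personal data and whether the URL is plain http://. The function name and the PERSONAL and IDENTIFYING name sets are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The two AdminHomeController.php calls quoted in the post, re-wrapped for width.
PHP_SOURCE = r"""
$content = Tools::file_get_contents('http://api.prestashop.com/partner/premium/get_partners.php?protocol='.$protocol
  .'&iso_country='.Tools::strtoupper($isoCountry).'&iso_lang='.Tools::strtolower($isoUser)
  .'&ps_version='._PS_VERSION_.'&ps_creation='._PS_CREATION_DATE_.'&host='.urlencode($_SERVER['HTTP_HOST'])
  .'&email='.urlencode(Configuration::get('PS_SHOP_EMAIL')), false, $stream_context);
$return = @Tools::file_get_contents('http://api.prestashop.com/partner/premium/set_request.php?iso_country='
  .strtoupper($isoCountry).'&iso_lang='.strtolower($isoUser).'&host='.urlencode($_SERVER['HTTP_HOST'])
  .'&ps_version='._PS_VERSION_.'&ps_creation='._PS_CREATION_DATE_.'&partner='.htmlentities(Tools::getValue('module'))
  .'&shop='.urlencode(Configuration::get('PS_SHOP_NAME')).'&email='.urlencode($email)
  .'&firstname='.urlencode($firstname).'&lastname='.urlencode($lastname).'&type=home');
"""

CALL = re.compile(r"file_get_contents\((.*?)\);", re.S)  # one call statement
LITERAL = re.compile(r"'([^']*)'")                       # single-quoted PHP string
PERSONAL = {"email", "firstname", "lastname"}  # assumption: names treated as personal data
IDENTIFYING = {"host", "shop"}                 # assumption: names that identify the site

def audit_outbound_calls(php_source):
    """List remote fetches with the personal/identifying parameters they send."""
    findings = []
    for call in CALL.finditer(php_source):
        literals = LITERAL.findall(call.group(1))
        if not literals or not literals[0].startswith(("http://", "https://")):
            continue  # not a fetch with a literal remote URL
        # Join the literals with a dummy value where PHP inserts a variable. Literals
        # nested in calls such as Configuration::get('PS_SHOP_NAME') land in the value
        # position, so the parameter names survive intact.
        url = urlsplit("X".join(literals))
        keys = [k for k, _ in parse_qsl(url.query, keep_blank_values=True)]
        findings.append({
            "endpoint": url.hostname + url.path,
            "cleartext": url.scheme == "http",
            "personal": sorted(PERSONAL.intersection(keys)),
            "identifying": sorted(IDENTIFYING.intersection(keys)),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_outbound_calls(PHP_SOURCE):
        print(finding)
```
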
milesdevelopment, posted February 28, 2014

Yes, I'm questioning the same thing. It's like PrestaShop is connected to the administration of your website by their API, http://api.prestashop.com/xml, which directly publishes data in your administration itself. Is there a way to stop this connection between PrestaShop and our personal website?

Question: isn't there a way to install PrestaShop without using their install processes?

vekia, posted February 28, 2014

The best: you can just block 91.240.* on your iptables.

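An added example, not part of the thread: a Python sketch that turns access-log evidence into an iptables DROP rule and shows how many addresses each candidate prefix covers. The log lines are constructed (client IPs and timestamps follow the first post, the request paths are placeholders), the function names are hypothetical, and "91.240.*" is read here as 91.240.0.0/16.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: client IPs and timestamps follow the first post's excerpt; request
# paths are placeholders and 203.0.113.7 is an unrelated documentation address.
ACCESS_LOG = """\
91.240.109.96 - - [28/Jul/2013:11:19:38 +0200] "GET /private/project-a/ HTTP/1.1" 200 5120
203.0.113.7 - - [28/Jul/2013:11:19:41 +0200] "GET /index.html HTTP/1.1" 200 812
91.240.109.68 - - [28/Jul/2013:11:19:49 +0200] "GET /private/project-b/ HTTP/1.1" 200 7301
91.240.109.121 - - [28/Jul/2013:11:19:59 +0200] "GET /private/project-b/ HTTP/1.1" 200 7301
91.240.109.65 - - [28/Jul/2013:16:07:56 +0200] "GET /private/project-a/ HTTP/1.1" 200 5120
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

def hits_from(log_text, network):
    """Return (clients, paths) Counters for requests whose source lies in network."""
    net = ipaddress.ip_network(network)
    clients, paths = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None  # the server logged a hostname instead of an address
        if ip is not None and ip in net:
            clients[str(ip)] += 1
            paths[m.group(3)] += 1
    return clients, paths

def covering_network(addresses):
    """Smallest single CIDR prefix that contains every observed address."""
    ips = sorted(ipaddress.ip_address(a) for a in addresses)
    net = ipaddress.ip_network(f"{ips[0]}/32")
    while ips[-1] not in net:
        net = net.supernet()
    return net

def drop_rule(network):
    """iptables command that drops inbound packets from network."""
    return f"iptables -A INPUT -s {ipaddress.ip_network(str(network))} -j DROP"

if __name__ == "__main__":
    clients, paths = hits_from(ACCESS_LOG, "91.240.109.0/24")
    print("paths fetched:", paths.most_common())
    for net in (covering_network(clients), "91.240.109.0/24", "91.240.0.0/16"):
        size = ipaddress.ip_network(str(net)).num_addresses
        print(f"{size:>6} addresses  {drop_rule(net)}")
```

An INPUT rule only affects inbound requests like those in the log; the outbound file_get_contents calls quoted earlier in the thread are a separate path.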